I just came across this while configuring the CA certs for some
software. It would be really nice if this security issue were fixed at
some point. In the meantime, it looks like
/etc/ssl/certs/ca-certificates.crt doesn't have the snake oil
certificate (at least on my systems) even though /etc/ssl/cert does have
symlinks to it. So I think it might be a reasonable workaround to point
software at the single file instead of the directory?
